Dragonfly is a cyber espionage group that has been active since at least 2011. They initially targeted defense and aviation companies but shifted to focus on the energy sector in early 2013. They have also targeted companies related to industrial control systems. [1]

A similar group emerged in 2015 and was identified by Symantec as Dragonfly 2.0. There is debate over the extent of the overlap between Dragonfly and Dragonfly 2.0, but there is sufficient evidence to lead to these being tracked as two separate groups. [2] [3]

ID: G0035
Associated Groups: Energetic Bear
Version: 1.0
Created: 31 May 2017
Last Modified: 22 March 2019

Associated Group Descriptions

Name Description
Energetic Bear [1]


ID Name References Techniques
S0093 Backdoor.Oldrea


Account Discovery: Email Account, Archive Collected Data, Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder, Credentials from Password Stores: Credentials from Web Browsers, Data Encoding: Standard Encoding, File and Directory Discovery, Indicator Removal on Host: File Deletion, Process Discovery, Process Injection, System Information Discovery, System Network Configuration Discovery, System Owner/User Discovery
S0094 Trojan.Karagany


Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder, Data Staged: Local Data Staging, Ingress Tool Transfer, Obfuscated Files or Information: Software Packing, OS Credential Dumping, Process Discovery, Screen Capture